13 May 2016

Petya ransomware is back with a friend named Misha

Petya ransomware became very popular because of its name. However, the code was not efficient enough to make money for malware writers. Petya needed administrative privileges on the system to modify the master boot record. If it could not get administrative privileges, it did nothing to the infected computer.

Ransomware writers had to do something about it, and they did, in a very clever and scary move: they released new malware named Misha. Petya downloads it if Petya’s own installation fails. According to Bleepingcomputer, Misha does not require administrative privileges.

After installation, Misha ransomware encrypts files with the AES encryption algorithm and demands a ransom of 1.93 bitcoins (approximately $875). Encrypted files are renamed by adding a 4-character extension to the filename; for example, test.jpg is renamed to test.jpg.7GP3.
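The rename pattern described above can be used for triage of a file listing. The following is an added example, not code from the original article: it flags files whose original extension is followed by a 4-character extension and reports suffixes shared by several files. The character set of the suffix, the list of original extensions, the shared-suffix grouping, the threshold and the sample paths are all assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: the appended extension is 4 letters/digits; the article
# gives only one example ("7GP3") and does not state the alphabet.
SUFFIX_RE = re.compile(r"^\.[A-Za-z0-9]{4}$")
# Assumption: a small illustrative set of original document extensions.
KNOWN_EXTS = {".jpg", ".png", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt"}

def appended_suffix(path):
    """Return the 4-char suffix if path is name.<known ext>.<4 chars>, else None."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) < 2:
        return None
    inner, outer = suffixes[-2].lower(), suffixes[-1]
    # Skip ordinary double extensions such as report.jpg.docx.
    if inner in KNOWN_EXTS and SUFFIX_RE.match(outer) and outer.lower() not in KNOWN_EXTS:
        return outer[1:]
    return None

def find_renamed(paths, min_hits=3):
    """Group matches by suffix; keep suffixes seen on at least min_hits files.

    Assumption: one suffix is shared by many files on a host. The threshold
    filters one-off names such as backup.doc.2016.
    """
    groups = {}
    for p in paths:
        s = appended_suffix(p)
        if s:
            groups.setdefault(s, []).append(p)
    return {s: files for s, files in groups.items() if len(files) >= min_hits}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Documents\test.jpg.7GP3",
    r"C:\Users\a\Documents\cv.docx.7GP3",
    r"C:\Users\a\Documents\budget.xlsx.7GP3",
    r"C:\Users\a\Documents\backup.doc.2016",
    r"C:\Users\a\Documents\photo.png",
]

if __name__ == "__main__":
    for suffix, files in find_renamed(SAMPLE).items():
        print(f"{len(files)} files share appended extension .{suffix}")
```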

The ransomware is distributed via emails with links to malicious executables disguised as job applications.

Unfortunately, there is no known way to restore encrypted files for free.
